
CVE-2025-38706 – ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
https://notcve.org/view.php?id=CVE-2025-38706
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() snd_soc_remove_pcm_runtime() might be called with rtd == NULL which will lead to a null pointer dereference. This was reproduced with topology loading and marking a link as ignore due to missing hardware component on the system. On module removal the soc_tplg_remove_link() would call snd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored, no runtime was creat... • https://git.kernel.org/stable/c/8b465bedc2b417fd27c1d1ab7122882b4b60b1a0 •

CVE-2025-38705 – drm/amd/pm: fix null pointer access
https://notcve.org/view.php?id=CVE-2025-38705
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters (' ', '\n', '\0') to the sysfs files under gpu_od/fan_ctrl or to pp_power_profile_mode for the CUSTOM profile will result in a null pointer dereference. • https://git.kernel.org/stable/c/a83ffafd02a7af59848755c109d544e3894af737 •

CVE-2025-38704 – rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
https://notcve.org/view.php?id=CVE-2025-38704
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access In the preparation stage of CPU online, if the corresponding rdp's->nocb_cb_kthread does not exist, it will be created. There is a situation where the rdp's rcuop kthreads creation fails, and then this CPU's rdp is de-offloaded and this CPU's rdp->nocb_cb_kthread pointer is not assigned, but this rdp's->nocb_gp_rdp and rdp's->rdp_gp->nocb_gp_kthread are still valid. This will caus... • https://git.kernel.org/stable/c/cce3d027227c69e85896af9fbc6fa9af5c68f067 •

CVE-2025-38703 – drm/xe: Make dma-fences compliant with the safe access rules
https://notcve.org/view.php?id=CVE-2025-38703
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Most notably the timeline name can get freed if userspace closes the associated submit queue. At the same time the fence could have been exported to a third party (for example a sync_fence fd) which will then cause a use-after-free on subsequent access. To make this safe we need to make the driver compliant wi... • https://git.kernel.org/stable/c/b17fcce70733c211cb5dabf54f4f9491920b1d92 •

CVE-2025-38702 – fbdev: fix potential buffer overflow in do_register_framebuffer()
https://notcve.org/view.php?id=CVE-2025-38702
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become occupied despite num_registered_fb < FB_MAX 3. The registration loop exceeds array bounds Add boundary check to prevent registered_fb[FB_MAX] access. • https://git.kernel.org/stable/c/5c3f5a25c62230b7965804ce7a2e9305c3ca3961 •

CVE-2025-38701 – ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
https://notcve.org/view.php?id=CVE-2025-38701
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute. Since this can happen due to a maliciously fuzzed file system, we shouldn't BUG, but rather, report it as a corrupted file system. Add similar replacements of BUG_ON with EXT4_ERROR_INODE() in ext4_create_inline_data(... • https://git.kernel.org/stable/c/8085a7324d8ec448c4a764af7853e19bbd64e17a •

CVE-2025-38700 – scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
https://notcve.org/view.php?id=CVE-2025-38700
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated In case of an ib_fast_reg_mr allocation failure during iSER setup, the machine hits a panic because iscsi_conn->dd_data is initialized unconditionally, even when no memory is allocated (dd_size == 0). This leads to an invalid pointer dereference during connection teardown. Fix by setting iscsi_conn->dd_data only if memory is actually allocated. Panic trace: ------------ is... • https://git.kernel.org/stable/c/f53af99f441ee79599d8df6113a7144d74cf9153 •

CVE-2025-38699 – scsi: bfa: Double-free fix
https://notcve.org/view.php?id=CVE-2025-38699
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL. Subsequently, during driver uninstallation, when the state machine enters the bfad_sm_stopping state and calls the bfad_im_probe_undo() function, it attempts to free the memory pointed to by bfad->im again, thereby triggering a double-free vulnerability. Set bfad->im to NULL i... • https://git.kernel.org/stable/c/684c92bb08a25ed3c0356bc7eb532ed5b19588dd •

CVE-2025-38698 – jfs: Regular file corruption check
https://notcve.org/view.php?id=CVE-2025-38698
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: Regular file corruption check The reproducer builds a corrupted file on disk with a negative i_size value. Add a check when opening this file to avoid subsequent operation failures. • https://git.kernel.org/stable/c/9f896c3d0192241d6438be6963682ace8203f502 •

CVE-2025-38697 – jfs: upper bound check of tree index in dbAllocAG
https://notcve.org/view.php?id=CVE-2025-38697
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: upper bound check of tree index in dbAllocAG When computing the tree index in dbAllocAG, we never check if we are out of bounds relative to the size of the stree. This could happen in a scenario where the filesystem metadata are corrupted. • https://git.kernel.org/stable/c/5bdb9553fb134fd52ec208a8b378120670f6e784 •